Technology.Life.Insight.

HP’s Integrated Lights Out is an out-of-band management feature, provided throughout the Proliant server line, that allows for remote server management via a dedicated module and private network connection. The iLO operating system is firmware based and can be flash upgraded from within the iLO environment itself, from within the server OS, or remotely. Access control can be defined per iLO system using local user accounts (default) or via Active Directory. To integrate with AD the schema must first be extended, iLO objects created, logon policies defined, and policies configured in each iLO management processor (MP).
One of my favorite, albeit extremely hard to find, tools is HP’s Lights-out Migration Utility. Using this tool, one can extend the AD schema to support iLO integration, install management plug-ins into the ADUC MMC, manage the firmware of entire networks of iLO devices at once, and configure the access method for all iLO devices as well.
When first loading the utility package you are presented with three options: Schema Extender, Snap-ins, and Directories Migration Utility. If you’re just looking to mass-manage the firmware of your iLOs you can skip the first two options. If you want to extend your AD schema to integrate your iLOs just go down this list in order as it is fairly self explanatory. The rest of this blog entry will focus on the third option, the Directories Migration Utility.

Clicking the third button will invoke the migration utility installer which will create a start-menu shortcut for easy access. When first launching the utility, the startup screen outlines the steps that the tool provides. Although this tool was intended to be used for LDAP-integration it can serve as a great general purpose bulk iLO management tool.

The first step is to scan the network for your iLO devices. You can do this ad-hoc, define an IP range, or specify an entire subnet. You need to specify the local iLO username and password before clicking “verify.” The tool will then comb the network range you’ve entered and display information about each MP it finds. In my example there is only one MP but you can scan for hundreds.

While it’s scanning, go ahead and prepare the latest firmware images for each iLO version in your environment. The tool will discover iLO and iLO2 and can upgrade both versions simultaneously. The easiest way to do this is to download the “Online ROM Flash Component for Windows-HP Integrated Lights-Out2” (or iLO v1) and EXTRACT the files, don’t install. In the extracted files look for <device name>_<firmware version>.bin, i.e. ilo2_178.bin. Pull this file out and store somewhere convenient. Repeat for iLO v1 firmware.

Once all your iLOs have been discovered, on the next screen you can point to each iLO version image file and upgrade the firmware of each that needs it. *Please note that your iLO MP will reboot as part of the flash process so any network monitoring will report a brief outage.

If you’re only looking to bulk upgrade iLO firmware then you can stop right here, or if you extended your AD schema you can continue to configure each iLO for integration. There are additional required steps on the AD side to create each iLO MP object and assign a management policy so the following is only the second half of the solution. On the next screen in the tool you can configure each MP to use the new extended schema, disable LDAP support and whether or not to allow the use of local accounts. While iLO AD-integration works very well, I still get nervous about disabling local account use. It’s always good to have a back door, especially since iLO itself is a backdoor to your server. You need to first specify these options, then on the next screen click “configure” to push the settings to each selected iLO MP.

I don’t know why it’s so hard to find this utility on hp.com but it is. It is definitely a great tool to have in your arsenal if you manage a Proliant shop!